Apparatus and method for autonomic email access control

ABSTRACT

A software application and corresponding architecture to implement the application that dynamically updates the access control list and keeps track of the distribution routes of a document in a repository where the document is built and accessed through usage of a common email system. The access control list and distribution routes are built by tracking recipients of the email message linked to the document. Some recipients can be disabled by the originator from forwarding the referenced databases within the emailed document, while others may designate further transmissions to selected persons or groups.

BACKGROUND OF INVENTION

The present invention relates to a computer implemented method forcontrolling communication between networks and among a plurality ofusers, specifically, sharing of documents while controlling access todatabases referenced in the documents, and maintaining an accessiblerecord of all recipients of the shared document.

Sharing of information in the current environment of systems isdependent on the proprietor of the information. In order to make theinformation available to a widely dispersed public, the proprietor willneed to submit the information to a central repository. Work groups arecommon in the corporate environment, and the sharing of groupinformation is a successful component of the work group dynamic. Workgroup documents may contain any combination of text, numbers, computerprogram source code, computer hardware schematics or layouts, databaserecords, database references, digitized audio, digitized video,digitized visual images, or other digital information. The availabilityof this information is dependent somewhat upon the availability of therepository and the awareness of other people having access to therepository. Generally, when submitting to a widely available repository,the originator or proprietor does not have complete control over theaccess to the submitted information. Secrecy controls, when applicable,attempt to allow members of the work group to review and edit thedocuments while preventing such access by others outside the group.

Access control lists have been introduced to enhance security controlmeasures. System users are assigned to one or more groups by a systemadministrator, and an access list, which matches groups with accessrights, is associated with documents in the computer system. Going onestep further, some work groups encrypt their documents. In an encryptedform, the documents cannot be understood. An encryption “key” isrequired to decrypt the document. In U.S. Pat. No. 5,787,175 issued toCarter on Jul. 28, 1998, entitled, “METHOD AND APPARATUS FORCOLLABORATIVE DOCUMENT CONTROL,” a combination of public-keycryptographic methods, symmetric cryptographic methods, and messagedigest generation methods are used for controlling collaborative accessto a work group document. Users who are currently members of acollaborative group can readily access the information, while users whoare not currently members of the group cannot. Although access controlis defined, an automated method of notifying the originator andacquiring the originator's approval for access to the referenceddatabases identified within the originator's document to forwardedrecipients of the document is not disclosed or taught. Nor is thetracking path of the shared document retained or filed for laterinspection by the originator.

In U.S. Pat. No. 6,356,010 issued to Viets, et al., on Mar. 12, 2002,entitled, “SYSTEM AND METHOD FOR CONTROLLING ACCESS TO DOCUMENTS STOREDON AN INTERNAL NETWORK,” a system for limiting access from an externalnetwork to documents stored on an internal network is taught. A clientlist is built in which each client is assigned to one or more roles.Each role has access to one or more documents. A requested document iscompared to the document list associated with the client's role, and ifthe requested document is in the list of documents available to theclient in the client's role, the requested document is retrieved. Again,an automated method of notifying the originator and acquiring theoriginator's approval for access to the referenced databases identifiedwithin the originator's document to forwarded recipients of the documentis not disclosed or taught. Nor is the tracking path of the shareddocument retained or filed. Thus, the originator does not have theability to learn of those interested in his or her work.

Under these control access schemes, even when information is availablein a central database, a user's attention is not automatically drawn tothe value of this information. Nor is the originator's attention drawnto the information needs of others reviewing the document, which wouldprovide insight as to the valued perception attributed by the documentreviewers.

In U.S. Pat. No. 6,212,534 issued to Lo, et al., on Apr. 3, 2001,entitled, “SYSTEM AND METHOD FOR FACILITATING COLLABORATION INCONNECTION WITH GENERATING DOCUMENTS AMONG A PLURALITY OF OPERATORSUSING NETWORKED COMPUTER SYSTEMS,” document information relating todocuments being generated is stored along with a user module; thedocument information including both document structure and documentcontent. The user module includes a whiteboard display module to displaya whiteboard to a user, selectively displaying document structure andcontent. Notecards are assigned to associate documents in a hierarchicalorganization, and stored separately from each other. Each notecardrepresents and effectively contains a content item, which may be used ina document. Lo, however, does not teach or disclose the tracking path ofthe shared document retained or filed for later inspection by theoriginator. Moreover, any comments made by an operator regarding aspecific document are performed and retained on an associated notecardthat is displayed on the separate whiteboard.

Bearing in mind the problems and deficiencies of the prior art, it istherefore an object of the present invention to provide an apparatus andmethod for autonomic email access control of shared documents.

It is another object of the present invention to provide an apparatusand method for autonomic email access control of shared documents thatmaintain the tracking path of the shared document retained or filed forlater inspection by the originator.

A further object of the invention is to provide an apparatus and methodfor autonomic email access control of shared documents that allows theoriginator to assign access authorization for database links within adocument, and expand the review of the shared information.

It is yet another object of the invention to provide an apparatus andmethod for autonomic email access control of databases links referencedwithin shared documents to allow the originator to assign accessinformation regarding referenced databases within an emailed document.

Still other objects and advantages of the invention will in part beobvious and will in part be apparent from the specification.

SUMMARY OF INVENTION

The above and other objects and advantages, which will be apparent toone of skill in the art, are achieved in the present invention, which isdirected to, in a first aspect, a method of autonomic building andupdating access control for referenced databases in documents sent viaemail by an originator to addressees, comprising: dynamically updatingan access control list of the addressees for the originator of theemail; tracking distribution routes of the documents in a repository;and providing a request to the originator and a response from theoriginator to any of the addressees for approving, altering, orrejecting the access of said referenced databases in said documents. Themethod further comprises building and accessing the document throughusage of a common email system, and tracking recipients of the emailthat are linked to the document. The method includes generating adatabase request table including identifying database servers,addressees, and types of access control. The types of access controlinclude view, edit, author functions, or an access denied function.Providing the request to the originator includes having the originatorreceive the request in the form of an email that provides a mechanismfor approving, rejecting, or altering each access control list for eachnew addressee, and building an appropriate database transaction for eachdatabase server. The method further comprises determining whether theaddressees and access requests for each of the addressees match theaccess control list within each of the databases, and updating theaccess control list to match the database transaction.

The method further includes the deployment of the process software, thedeployment comprising: installing the process software on at least oneserver; identifying server addresses for users accessing the processsoftware on the at least one server; installing a proxy server ifneeded; sending the process software to the at least one server via afile transfer protocol, or sending a transaction to the at least oneserver containing the process software and receiving and copying theprocess software to the at least one server's file system; accessing theprocess software on a user's client computer file system, or sending theprocess software to users via email; and executing the process softwareby the users. The step of installing the process software furthercomprises: determining if programs will reside on the at least oneserver when the process software is executed; identifying the at leastone server that will execute the process software; and transferring theprocess software to the at least one server's storage. The step ofaccessing the process software includes having the at least one serverautomatically copying the process software to each client computer,running an installation program at each client computer, and executingthe installation program on the client computer. Sending the processsoftware to the users via email further comprises identifying the usersand addresses of the client computers. Executing the process software bythe users includes sending the process software to directories on theclient computers.

The method comprises the integration of process software for updatingaccess control for referenced databases in documents sent via email byan originator to addressees, the integration comprises: determining ifthe process software will execute on at least one server; identifyingthe at least one server address, including checking the at least oneserver for operating systems, applications, network operating systems,or version numbers for validation with the process software, andidentifying any missing software applications that are required forintegration; updating the operating systems, the applications, or thenetwork operating systems that are not validated for the processsoftware, and providing any of the missing software applicationsrequired for the integration; identifying client addresses and checkingthe client's computers for operating systems, applications, networkoperating systems, or version numbers for validation with the processsoftware, and identifying any missing software applications that arerequired for integration; updating the client's computers with theoperating systems, the applications, or the network operating systemsthat are not validated for the process software, and providing any ofthe missing software applications required for the integration; andinstalling the process software on the client's computers and the atleast one server.

The method may further comprise on demand sharing of process softwarefor updating access control for referenced databases in documents sentvia email by an originator to addressees, the on demand sharingcomprising: creating a transaction containing unique customeridentification, requested service type, and service parameters; sendingthe transaction to at least one main server; querying the server'scentral processing unit capacity for adequate processing of thetransaction; and allocating additional central processing unit capacitywhen additional capacity is needed to process the transaction, andsending the additional central processing unit capacity to the server,or checking environmental capacity for processing the transaction,including network bandwidth, processor memory, or storage, andallocating the environmental capacity as required. The method furtherincludes recording usage measurements including network bandwidth,processor memory, storage, or the central processing unit cycles. Themethod may also comprise summing the usage measurements, acquiring amultiplicative value of the usage measurements and unit costs, andrecording the multiplicative value as an on demand charge to arequesting customer. Moreover, the method may include posting the ondemand charge on a web site if requested by the requesting customer, orsending the demand charge via email to the requesting customer's emailaddress. In addition, the method may include charging the on demandcharge to the requesting customer's account if an account exists and therequesting customer selects a charge account payment method.

The method includes deploying, accessing, and executing process softwarefor updating access control for referenced databases in documents sentvia email by an originator to addressees through a virtual privatenetwork, the method further comprising: determining if the virtualprivate network is required; checking for remote access of the virtualprivate network; if the remote access does not exist, identifying athird party provider to provide secure, encrypted connections between aprivate network and remote users, identifying the remote users, andsetting up a network access server for downloading and installingdesktop client software for remotely accessing the virtual privatenetwork; accessing the process software; transporting the processsoftware to the remote user's desktop; and executing the processsoftware on the remote user's desktop.

The method of deploying, accessing, and executing process softwarethrough the virtual private network further includes: determining if thevirtual private network is available for site-to-site access, orinstalling equipment required to establish the site-to-site virtualprivate network, and installing large scale encryption into the virtualprivate network; and accessing the process software on the site-to-siteconfiguration. The step of accessing the process software furthercomprises dialing into the network access server or attaching directlyvia a cable or DSL modem into the network access server.

In a second aspect, the present invention is directed to a method ofautonomic building and updating access control of referenced databaseson documents shared via email, comprising: selecting a list ofaddressees in an email transmission to give access to the referenceddatabases; selecting the type of access for the selected list ofaddressees; constructing an email transaction to send to an originator,the email transaction including database and access requests for each ofthe addressees; constructing database transactions to send to databaseservers; sending the database transactions to the database servers;matching the list of addressees and access requests to an access controllist in the database; sending the email transaction to the addressees;requesting forwarding approval by the addressees of the referenceddatabases from the originator; transmitting a forwarding approval orrejection from the originator to the addressee; and tracing emailforwarding for the originator. Selecting the type of access furthercomprises providing a menu for the originator of the email transmission.Constructing the email transaction to send to the originator furthercomprises sending the transaction to the originator for access approvalor rejection of the referenced databases. The database transactionscomprise information from a database request table. The database serversprocess database access requests. The access control list is updated ifthe match is not complete. The method further comprises having thetracing of email include names and email addresses of any addressee.

In a third aspect, the present invention is directed to a programstorage device readable by a machine, tangibly embodying a program ofinstructions executable by the machine to perform method steps forbuilding and updating access control for referenced databases indocuments sent via email by an originator to addressees, the methodsteps comprising: dynamically updating an access control list of theaddressees for the originator of the email; tracking distribution routesof the documents in a repository; and providing a request to theoriginator and a response from the originator to any of the addresseesfor approving, altering, or rejecting the forwarding of the referenceddatabases in the documents. The program storage device further comprisesthe method steps of building and accessing the document through usage ofa common email system, tracking recipients of the email that are linkedto the document, and having the originator receive the request in theform of an email that provides a mechanism for approving, rejecting, oraltering each access control list for each new addressee. The programstorage device further includes the method step of building anappropriate database transaction for each database server.

In a fourth aspect, the present invention is directed to a programstorage device readable by a machine, tangibly embodying a program ofinstructions executable by the machine to perform method steps forbuilding and updating access control for referenced databases indocuments sent via email by an originator to addresses, the method stepscomprising: selecting a list of addressees in an email transmission togive access to the referenced databases; selecting the type of accessfor the selected list of addressees; constructing an email transactionto send to an originator, the email transaction including database andaccess requests for each of the addressees; constructing databasetransactions to send to database servers; sending the databasetransactions to the database servers; matching the list of addresseesand access requests to an access control list in the database; sendingthe email transaction to the addressees; requesting forwarding approvalby the addressees of the referenced databases from the originator;transmitting a forwarding approval or rejection from the originator tothe addressee; and tracing email forwarding for the originator. Theprogram storage device further comprises the method steps of sending thetransaction to the originator for access approval or rejection, andadministering access approval for viewing, editing, or administratingthe referenced databases.

BRIEF DESCRIPTION OF DRAWINGS

The features of the invention believed to be novel and the elementscharacteristic of the invention are set forth with particularity in theappended claims. The figures are for illustration purposes only and arenot drawn to scale. The invention itself, however, both as toorganization and method of operation, may best be understood byreference to the detailed description which follows taken in conjunctionwith the accompanying drawings in which:

FIG. 1 is a flowchart of the application process.

FIG. 2 is a continuation of the flowchart of FIG. 1 of the applicationprocess.

FIG. 3 is a continuation of the flowchart of FIG. 1 of the applicationprocess.

FIG. 4 is a sample database request table.

FIG. 5 is a schematic of the system architecture for the applicationprocess.

FIGS. 6A and 6B are flowcharts of the process flow for deployment of theprocess software.

FIGS. 7A and 7B are flow charts of the process flow for integration ofthe software for autonomic building and updating of access control inemail systems into a client, server, and network environment.

FIGS. 8A and 8B are flow charts of the process flow for sharing andsimultaneously serving the process software of the present invention tomultiple customers in an on demand format.

FIGS. 9A-9C are flow charts for deploying, accessing, and executing theprocess software through the use of a virtual private network.

DETAILED DESCRIPTION

In describing the preferred embodiment of the present invention,reference will be made herein to FIGS. 1-9 of the drawings in which likenumerals refer to like features of the invention. Features of theinvention are not necessarily shown to scale in the drawings.

The present invention defines a software application and correspondingarchitecture to implement the application that dynamically updates theaccess control list for databases referenced within a document, andkeeps track of the distribution routes of the document in a knowledgerepository where the document is built and accessed through usage of acommon email system. The access control list and distribution routes arebuilt by tracking recipients of the email message linked to thedocument. Some recipients may be disabled by the originator from havingaccess to the document links within the document, while others maydesignate with the originator's approval of access for selected personsor groups.

The software may be implemented in numerous software languages that arecompatible with the system hardware, and is not limited to any oneparticular software language. Moreover, various hardware schemes may beconstructed to implement the application software, such that the processis not limited to a singular, specific hardware configuration.

By way of example, the workings of the instant invention can besummarized using the following application scenario. An originator of acompany confidential document works on-site at one of the company'sfacilities. The originator has a document containing links to databasesthat explain or provide important information regarding a proposedsystem, which he would like to share with anyone in the organizationthat is interested and has a bonafide need to know. Unfortunately, theoriginator himself is only aware of his direct colleagues who would beinterested in the document. He is unaware of others throughout theorganization, including those off-site, that may have a need for hisproposed system, may be in a position to provide direct input to hisproposal, or may simply be interested in a collateral manner in hisdesign by for example a marketing department, an investment decisionboard, or other such collaterally interested parties. The originatorsends the document to his team of direct colleagues via email. Since theoriginator would like to share the linked databases within the documentwith others, and control the access to the linked databases within thedocument, he identifies and allows only certain individuals of those towhom he first sent the document to have the authority to access thelinked databases the document. After one of the first tier recipientsreviews the document, the first tier recipient may forward it on toothers, the second tier recipients. Importantly, the second tierrecipients must receive the access authority from the originator to viewthe database links within the document. Some recipients may not havethis access authority and will be denied by the system if they attemptto access the database links within the document.

For those first tier recipients with authority from the originator toaccess database links within the document, the documents may beforwarded with a request from the first tier recipients to theoriginator to allow access authority to the selected second tierrecipients. Thus, the second tier of recipients may or may not have theauthority to access the linked databases referenced within the document.This access authority allows recipients to view the linked databasesonly at the discretion of the originator. Moreover, the second tierrecipients may also forward the document with the same restrictions onaccess authority to the database links, where knowledge and approval ofthe originator is required for viewing the databases. Through thisaccess control, individuals and groups, not at first known to theoriginator as being interested reviewers, may view the referenceddatabases through secured channels based on the originator's selectionof recipients and those the originator authorizes for access to thereferenced databases within the document. Importantly, the originatorreviews and acknowledges authority for access to the referenceddatabases for every potential recipient including those outside his owndirect group of interested people. The originator also determines whichrepository the document should be submitted. The forwarding of thedocument with access control for the database links by the originatorallows for other attention to be drawn to the document outside theoriginator's initial group and the originator's initial awareness.

After waiting a period of time, for example a couple of days, theoriginator may decide to trace his document. This will allow him to knowwhich persons, departments, or organizations have been exposed to thedocument, and those who may have been provided access authority to thereferenced databases within the document. Before the originator developshis document further, he is able to view the information provided alongwith the trace. This information includes identification of people andgroups who can support him to further develop his document and bring itto the attention of key decision makers.

FIGS. 1-3 depict the application flow for the present invention.Referring to FIG. 1, the process commences 100 by having the originatoradd addresses for first tier recipients 101 to an email that hasdatabase links attached thereto. The originator is the first person toconstruct the email, and is the first person to distribute the email.The originator must first decide whether to give access to the databases102 to the first tier addressees on the email for the database linksincluded therein. If the originator does not authorize access to any ofthe first tier recipients, this application exits 103 since theoriginator is not interested in tracing the document or allowing thisset of addressees to view the referenced databases. If the originatordecides to give certain first tier recipients access to the databaseslinked in the document, he would select which recipients are authorizedto view selected linked databases from the list of addressees 104. Thelist of databases is accessed after addressing the email. Theapplication software of the present invention makes a menu available onrequest that contains the list of addressees, available databases, andthe choice of access type to give each addressee for each database 105.The choices include, but are not limited to, view, edit, audit, andvarious other administrative functions. The originator's name andaddress is automatically placed in the header of the email. All of thisinformation is placed in a database request table, and the databaserequest table is then placed in the header of the email. A sampledatabase request table is illustrated in FIG. 4. Once the original emailis entered into the system, the application software checks to see if itis the first time this email is being distributed 106, i.e., if it camedirectly from the originator. If it is the first time for distribution108, database transactions are then constructed and sent to the databaseservers. The database transactions contain the information from thedatabase request table. If it is not the first time of distribution, anemail transaction is constructed for the originator 107. This is atransaction containing database and access requests for each second tieraddressee that is sent to the originator for his approval. The databasetransactions contain the same information supplied in the databaserequest table. When an email transaction is constructed for theoriginator, an email request is sent to the originator 300, as depictedin FIG. 3. Addressees who wish to have others gain access to thedatabases send the email transaction to the originator for approval. Theaddress of the originator is taken from the previously saved address inthe header of the email sent to the addressees. The originator receivesthe request 301 in the form of an email that provides a mechanism toapprove, reject, or alter each access control list for each of the newaddressees 302. The application then builds the appropriate transactionsfor the database servers 303.

As shown in FIG. 2, for first time distributions, the databasetransactions are sent to the database servers, which will process thedatabase access requests 200. The servers receive the transactions sentfrom the sender of the email 201, and processed by the database servers.This processing determines whether the list of addressees and the accessrequests for each addressee match the access control list (ACL) for eachdatabase 202. If a complete match cannot be made, the access controllist is updated to match the database transaction 203. The email is thensent to the addressees 204. Once the addressees receive the email 205,the application of the present invention allows these first tierrecipients to forward the email to a new list of addressees or secondtier recipients while notifying and requesting the originator for accessauthorization of the linked database references within the emaileddocument for selected second tier addressees. If no forwarding isperformed, the application exits 103. Else, the application loops backto have the originator select which addressees to give access 104.Importantly, the originator is selecting which second tier addressees togive access to the database references within the document; the firsttier recipient recommends which recipient should have access, but doesnot give authorization. The originator becomes aware of the forwardingwhen asked to authorize access to the referenced databases within thedocument. Through this process, the originator relies upon the firsttier recipients to recommend the dissemination of the information in thedatabases to those that the first tier recipients decide have a need toknow, would benefit from the information, or could provide insightfulcomment.

FIG. 4 depicts an illustrative database request table for the presentinvention. Two databases are shown with associated database servers.Addressees are given individual access by the originator as requested.The originator has the ability to limit the access to the referenceddatabases. For example, some recipients are entitled only to view theinformation, while others may edit.

As shown in FIG. 5, the application software of the present inventionmay be performed on conventional stored-program computer architecture400. A system unit generally includes processing, memory, mass storagedevices such as disc and/or tape storage elements 401 and otherelements, including network interface devices 402 for interfacing withthe respective computer communications link 403. Video display units 404permit the computer to display processed data and processing status tothe operator. Operator input devices 405 allow the operator to inputdata and control processing by the computer. The computers transferinformation in the form of messages through network interface devicesamong each other over various communication links.

Method for Deployment

While it is understood that the process software for autonomic buildingand updating of access control in email systems may be deployed bymanually loading directly in the client, server, and proxy computers vialoading a storage medium such as a CD, DVD, and the like, the processsoftware may also be automatically or semi-automatically deployed into acomputer system by sending the process software to a central server or agroup of central servers. The process software is then downloaded andexecuted by client computers. Alternatively, the process software issent directly to the client system via email. The process software isthen either detached to a directory or loaded into a directory by abutton associated with the email that executes a program on demand. Theexecuted program detaches the process software into a directory. Anotheralternative is to send the process software directly to a directory onthe client computer hard drive. When there are proxy servers, theprocess software will select the proxy server code, determine whichcomputers to place the proxy servers' code, transmit the proxy servercode, and install the proxy server code on the proxy computer. Theprocess software is then transmitted to the proxy server and storedtherein.

FIGS. 6A and 6B detail the process flow for deployment of the processsoftware. Referring to FIGS. 6A and 6B, Step 1000 begins the deployment.First, a determination is made regarding any programs that will resideon a server or servers when the process software is executed 1010. Ifsuch programs exist, the servers that will contain the executables areidentified 2090. The process software for the server or servers istransferred directly to the servers' storage via an establishedprotocol, such as file transfer protocol (FTP), and the like, or bycopying though the use of a shared file system 2100. The processsoftware is then installed on the servers 2110.

Next, a determination is made on whether the process software is bedeployed by having users access the process software on a server orservers 1020. If the users are to access the process software onservers, server addresses are identified 1030 to store the processsoftware.

It is then determined if it is necessary to build a proxy server 2000 tostore the process software. A proxy server is a server that sits betweena client application, such as a Web browser, and a real server. Itintercepts all requests to the real server in an attempt to fulfill therequests itself. If it is not possible for the proxy server to fulfillthe requests, then the proxy server will forward the request to the realserver. The two primary benefits of a proxy server are to improveperformance and to filter requests. If a proxy server is necessitated,then it is installed 2010. The process software is sent to the serverseither via an established protocol, such as FTP, and the like, or it iscopied directly from the source files to the server files via filesharing 2020.

In another embodiment, a transaction is sent to servers that contain theprocess software. The servers then process the transaction, and receiveand copy the process software to the servers' file systems. Once theprocess software is stored at the servers, the users via their clientcomputers access the process software on the servers and copy to theirclient computers file systems 2030. In a separate embodiment, theservers automatically copy the process software to each client and thenrun the installation program for the process software at each clientcomputer. The user executes the program that installs the processsoftware on his client computer 2120, and exits the process 1080.

In step 1040 determination is made whether the process software isdeployed by sending the process software to users via e-mail. The set ofusers where the process software will be deployed are identifiedtogether with the addresses of the users' client computers 1050. Theprocess software is sent via e-mail to each of the users' clientcomputers. The users then receive the e-mail 2050 and detach the processsoftware from the e-mail to a directory on their client computers 2060.Each user executes the program that installs the process software on hisclient computer 2120 and exits the process 1080.

Last, a determination is made as to whether the process software will besent directly to users' directories on their client computers 1060. Ifit is sent, the user directories are identified 1070. The processsoftware is transferred directly to each user's client computerdirectory 2070. This can be done in several ways, such as sharing of thefile system directories and then copying from the sender's file systemto the recipient user's file system, or alternatively using a transferprotocol such as FTP, and the like. The users access the directories ontheir client file systems in preparation for installing the processsoftware 2080. The users execute the program that installs the processsoftware on their client computer 2120, then exit the process 1080.

Method for Integration

The process software for autonomic building and updating of accesscontrol in email systems may be integrated into a client, server, andnetwork environment by providing for the process software to coexistwith applications, operating systems, or network operating systemssoftware, and installing the process software on the clients and serversin an environment where the process software will function.

Initially, one must identify any software on the clients and servers,including the network operating system, where the process software willbe deployed, that is required by the process software or that work inconjunction with the process software. This includes the networkoperating system or other software that enhances a basic operatingsystem by adding networking features.

The software applications and version numbers are then identified andcompared to a list of software applications validated to work with theprocess software. Those software applications that have not beenvalidated for integration are subsequently upgraded. Programinstructions that pass parameters from the process software to thesoftware applications are checked to ensure the parameter lists matchthe parameter lists required by the process software. Converselyparameters passed from the software applications to the process softwareare checked to ensure the parameters match the parameters required bythe process software. The client and server operating systems includingthe network operating systems are identified and compared to a list ofoperating systems, version numbers, or network software, all previouslytested to work with the process software. Those operating systems,version numbers, and network software that do not match the list oftested operating systems and version numbers are subsequently upgradedto the required level on the clients and servers.

After ensuring that the software locale where the process software is tobe deployed is at the correct version level validated to work with theprocess software, the integration is then completed by installing theprocess software on the clients and servers.

Referring to FIGS. 7A and 7B, step 2200 begins the integration of theprocess software. Initially, a determination is made regarding processsoftware programs that will execute on a server or servers 2210. If thisis the case, the server addresses are identified 2220. The servers arechecked to see if they contain software that includes the operatingsystem applications, or network operating systems (NOS), together withtheir version numbers, that have been validated with the processsoftware 2230. The servers are also checked to determine if there is anymissing software that is required by the process software 2230.

The version numbers are checked for a match to the version numbers ofthe operating system, applications, or network operating systems,validated with the process software 2240. If all of the versions matchand there is no required software absent, the integration continues2270. If one or more of the version numbers do not match, then theunmatched software versions are updated on the servers with the correctsoftware versions 2250. Additionally, any missing software required foroperation is updated on the servers 2250. Installing the processsoftware 2260 completes the server integration.

A process step is initiated to see if there are any programs of theprocess software that will execute on the clients 2270. If no processsoftware programs execute on the clients, the integration exits 2300. Ifsoftware executes on the clients, the client addresses are identified2280. The clients are checked for software that includes the operatingsystem, applications, or network operating systems, together with theirversion numbers, validated with the process software 2290. The clientsare also checked to determine if there is any missing software that isrequired by the process software 2290.

A determination is made as to whether the version numbers match theversion numbers of the operating system, the applications, or networkoperating systems, validated with the process software 2310. If all ofthe versions match and there is no required software absent, theintegration exits.

If one or more of the version numbers do not match, then the unmatchedversions are updated on the clients with the correct versions 2320. Inaddition, if there is required software missing, it is also updated onthe clients 2320. Installing the process software on the clients 2330completes the integration.

On Demand Computing

Business importance of On Demand computing is increasingly becoming adesired attribute. The process software of the present invention forautonomic building and updating of access control in email systems isshared; simultaneously serving multiple customers in a flexible,automated fashion. It is standardized, requiring little customization,and is scalable, providing capacity on demand in a pay-as-you-go model.

The process software can be stored on a shared file system accessiblefrom one or more servers. The process software is executed viatransactions that contain data and server processing requests using CPUunits on the accessed server. CPU units are units of time such asminutes, seconds, and hours on the central processor of the server.Additionally the assessed server may make requests of other servers thatrequire CPU units. CPU units are an example that represents but onemeasurement of use. Other measurements of use include, but are notlimited to, network bandwidth, memory usage, storage usage, packettransfers, and complete transactions.

When multiple customers use the same process software application, theirtransactions are differentiated by the parameters included in thetransactions identifying a unique customer and the type of service forthat customer. All of the CPU units and other measurements of use thatare used for the services for each customer are recorded. When thenumber of transactions to any one server begins to affect theperformance of that server, other servers are accessed to increasecapacity and share the workload. Likewise when other measurements of usesuch as network bandwidth, memory usage, and storage usage, approach acapacity that affects performance, additional network bandwidth, memoryusage, or storage, is added to share the workload.

The measurements of use for each service and customer are sent to acollecting server that sums the measurements of use for each customer.This is performed for each service that was processed anywhere in thenetwork of servers that provides the shared execution of the processsoftware. The summed measurements of use units are periodicallymultiplied by unit costs, and the resulting total process softwareapplication service costs are alternatively sent to the customer orindicated on a web site accessed by the customer, which then remitspayment to the service provider.

In another embodiment, the service provider requests payment directlyfrom a customer account at a banking or financial institution.

In yet another embodiment, if the service provider is also a customer ofthe customer that uses the process software application, the paymentowed to the service provider is reconciled to the payment owed by theservice provider to minimize the transfer of payments.

Referring to FIGS. 8A and 8B, the On Demand process commences at step2400. A transaction is created containing the unique customeridentification, the requested service type, and any service parametersthat further specify the type of service 2410. The transaction is thensent to the main server 2420. In an On Demand environment, the mainserver can initially be the sole server, and then as capacity isconsumed, other servers may be added. The server central processing unit(CPU) capacities in the On Demand environment are queried 2430. The CPUrequirement of the transaction is estimated, and the servers' availableCPU capacity is compared to the transaction CPU requirement to see ifthere is sufficient capacity in any server to process the transaction2440. If there is not sufficient server CPU available capacity, thenadditional capacity is allocated to process the transaction 2480. Ifthere is already sufficient CPU capacity available, the transaction issent to a selected server 2450.

Before executing the transaction, a check is made of the remaining OnDemand environment to determine if the environment has sufficientavailable capacity for processing the transaction. This environmentcapacity consists of such things as network bandwidth, processor memory,storage, and the like 2460. If there is not sufficient availablecapacity, capacity is added to the On Demand environment 2470. Therequired software to process the transaction is then accessed and loadedinto memory. The transaction is then executed 2490.

The usage measurements are recorded 2500. The usage measurements consistof the portions of those functions in the On Demand environment that isused to process the transaction. The usage of such functions as networkbandwidth, processor memory, storage and CPU cycles are recorded. Theusage measurements are summed, multiplied by unit costs, and recorded asa charge to the requesting customer 2510.

On Demand costs may be posted to a web site 2530 if the customer has sorequested. Or the customer may request 2540 that the On Demand costs besent via e-mail to a customer address 2550. If the customer hasrequested that the On Demand costs be paid directly from a customeraccount 2560, then payment is received accordingly 2570.

Virtual Private Networks

The process software for autonomic building and updating of accesscontrol in email systems may be deployed, accessed, and executed throughthe use of a virtual private network (VPN), which is any combination oftechnologies that can be used to secure a connection through anotherwise unsecured or untrusted network. The use of VPNs is to improvesecurity and to reduce operational costs. The VPN makes use of a publicnetwork, usually the Internet, to connect remote sites or userstogether. Instead of using a dedicated, real-world connection such asleased line, the VPN uses “virtual” connections routed through theInternet from the company's private network to a remote site. Access tothe software via a VPN can be provided as a service by specificallyconstructing the VPN for purposes of delivery or execution of theprocess software, for example when the software resides elsewhere. Thelifetime of the VPN may be limited to a given period of time or a givennumber of deployments based on an amount paid.

The process software may be deployed, accessed and executed througheither a remote-access or a site-to-site VPN. When using remote-accessVPNs the process software is deployed, accessed and executed via thesecure, encrypted connections between a company's private network andremote users through a third-party service provider. The enterpriseservice provider (ESP) sets a network access server (NAS) and providesremote users with desktop client software for their computers. Thetelecommuters are then able to dial a toll-free number or attachdirectly via a cable or DSL modem in order to reach the NAS and usetheir VPN client software to access the corporate network and to access,download, and execute the process software.

When using the site-to-site VPN, the process software is deployed,accessed, and executed through the use of dedicated equipment andlarge-scale encryption that may be used to connect a company's multiplefixed sites over a public network such as the Internet.

The process software is transported over the VPN via tunneling which isthe process of placing an entire packet within another packet andsending it over a network. The protocol of the outer packet isunderstood by the network and interface points, called tunnelinterfaces, where the packet enters and exits the network.

Referring to FIGS. 9A-9C, step 2600 begins the Virtual Private Network(VPN) process. A determination is made to see if a VPN for remote accessis required 2610. If required, the system checks to see if a remoteaccess VPN exists 2640. If one does not exist, a third party provider isidentified that will provide the secure, encrypted connections betweenthe company's private network and the company's remote users 2760. Thecompany's remote users are identified 2770. The third party providerthen sets up a network access server (NAS) 2780 that allows the remoteusers to dial a toll free number or attach directly via a cable ordigital subscriber line (DSL) modem to access, download, and install thedesktop client software for the remote-access VPN 2790.

After the remote access VPN has been built or if previously installed,the remote users may access the process software by dialing into the NASor attaching directly via a cable or DSL modem into the NAS 2650. Thisallows entry into the corporate network where the process software isaccessed 2660. The process software is transported to the remote user'sdesktop over the network via tunneling. The process software is dividedinto packets and each packet including the data and protocol is placedwithin another packet 2670. When the process software arrives at theremote user's desktop, it is removed from the packets, reconstituted andexecuted on the remote users desktop 2680.

When a VPN for remote access is not required, a determination is made tosee if a VPN for site to site access is required 2620. If it is notrequired, the process exits 2630. Otherwise, determination of the siteto site VPN is made 2690. If the site to site VPN does not exist,dedicated equipment required to establish a site to site VPN must beinstalled 2700. Large scale encryption is then built into the VPN 2710.After the site to site VPN has been built or if it had been previouslyestablished, the users access the process software via the VPN 2720. Theprocess software is transported to the site users over the network viatunneling. That is the process software is received by being dividedinto packets, each packet including the data and protocol placed withinanother packet 2740. When the process software arrives at the remoteuser's desktop, it is removed from the packets, reconstituted, andexecuted on the site users desktop 2750.

Autonomic building and updating of access control in email systems ispossible through the implementation of the present application. Softwarethat is capable of performing the functional steps described in FIGS.1-3 will allow an originator to be informed of the recipients that werenot on the originator's initial access list through a selectivedissemination process whereby the originator delegates selection ofsecond tier recipients to the discretion of the first tier recipients,and then authorizes the level of access control for each recipient. Theoriginator is also able to track the dissemination trail of reviewers,so that the originator can more accurately assess the valued perceptionof the information by others.

While the present invention has been particularly described, inconjunction with a specific preferred embodiment, it is evident thatmany alternatives, modifications and variations will be apparent tothose skilled in the art in light of the foregoing description. It istherefore contemplated that the appended claims will embrace any suchalternatives, modifications and variations as falling within the truescope and spirit of the present invention.

1. A method of autonomic building and updating access control forreferenced databases in documents sent via email by an originator toaddressees, comprising: dynamically updating an access control list ofsaid addressees for said originator of said email; tracking distributionroutes of said documents in a repository; providing a request to saidoriginator and a response from said originator to any of said addresseesfor approving, altering, or rejecting the access of said referenceddatabases in said documents, said request including acquiring approvalfrom said originator, or a response from said originator for altering orrejecting access of said reference documents; and deploying processsoftware for updating access control for referenced databases indocuments sent via email by an originator to addressees.
 2. The methodof claim 1 further comprising building and accessing said documentthrough usage of a common email system.
 3. The method of claim 1comprising generating a database request table including identifyingdatabase servers, addressees, and types of access control.
 4. The methodof claim 1 wherein providing said request to said originator includeshaving said originator receive said request in the form of an email thatprovides a mechanism for approving, rejecting, or altering each accesscontrol list for each new addressee.
 5. The method of claim 4 furthercomprising determining whether said addressees and access requests foreach of said addressees match said access control list within eachdatabase.
 6. The method of claim 5 further comprising updating saidaccess control list to match said database transaction.
 7. A method ofautonomic building and updating access control of referenced databaseson documents shared via email, comprising: selecting a list ofaddressees in an email transmission to give access to said referenceddatabases; selecting the type of access for said selected list ofaddressees; constructing an email transaction to send to an originator,said email transaction including database and access requests for eachof said addressees; providing a request to said originator and aresponse from said originator to any of said addressees for approving,altering, or rejecting the access of said referenced databases in saiddocuments, said request including acquiring approval from saidoriginator, or a response from said originator for altering or rejectingaccess of said reference documents; deploying process software forupdating access control for referenced databases in documents sent viaemail by an originator to addressees; constructing database transactionsto send to database servers; sending said database transactions to saiddatabase servers; matching said list of addressees and access requeststo an access control list in said database; sending said emailtransaction to said addressees; requesting forwarding approval by saidaddressees of said referenced databases from said originator;transmitting a forwarding approval or rejection from said originator tosaid addressee; and tracing email forwarding for said originator.
 8. Themethod of claim 7 wherein selecting the type of access further comprisesproviding a menu for said originator of said email transmission.
 9. Themethod of claim 7 wherein constructing said email transaction to send tosaid originator further comprises sending said transaction to saidoriginator for access approval or rejection of said referenceddatabases.
 10. The method of claim 7 wherein said database transactionscomprise information from a database request table.
 11. The method ofclaim 7 further comprising having said database servers process databaseaccess requests.
 12. The method of claim 7 further comprising updatingsaid access control list if said match is not complete.
 13. A programstorage device readable by a machine, tangibly embodying a program ofinstructions executable by the machine to perform method steps forbuilding and updating access control for referenced databases indocuments sent via email by an originator to addressees, said methodsteps comprising: dynamically updating an access control list of saidaddressees for said originator of said email; tracking distributionroutes of said documents in a repository; providing a request to saidoriginator and a response from said originator to any of said addresseesfor approving, altering, or rejecting the access of said referenceddatabases in said documents, said request including acquiring approvalfrom said originator, or a response from said originator for altering orrejecting access of said referenced databases in said documents; anddeploying process software for updating access control for referenceddatabases in documents sent via email by an originator to addressees.14. The program storage device of claim 13 further comprising the methodstep of tracking recipients of said email that are linked to saiddocument.
 15. The program storage device of claim 13 further comprisingthe method step of having said originator receive said request in theform of an email that provides a mechanism for approving, rejecting, oraltering each access control list for each new addressee.
 16. Theprogram storage device of claim 13 further comprising the method step ofbuilding an appropriate database transaction for each database server.17. A program storage device readable by a machine, tangibly embodying aprogram of instructions executable by the machine to perform methodsteps for building and updating access control for referenced databasesin documents sent via email by an originator to addresses, said methodsteps comprising: selecting a list of addressees in an emailtransmission to give access to said referenced databases; selecting thetype of access for said selected list of addressees; constructing anemail transaction to send to an originator, said email transactionincluding database and access requests for each of said addressees;providing a request to said originator and a response from saidoriginator to any of said addressees for approving, altering, orrejecting the access of said referenced databases in said documents,said request including acquiring approval from said originator, or aresponse from said originator for altering or rejecting access of saidreferenced databases in said documents; deploying process software forupdating access control for referenced databases in documents sent viaemail by an originator to addressees; constructing database transactionsto send to database servers; sending said database transactions to saiddatabase servers; matching said list of addressees and access requeststo an access control list in said database; sending said emailtransaction to said addressees; requesting access approval by saidaddressees of said referenced databases from said originator;transmitting a forwarding approval or rejection from said originator tosaid addressee; and tracing email forwarding for said originator. 18.The program storage device of claim 17 further comprising the methodstep of sending said transaction to said originator for access approvalor rejection.
 19. The program storage device of claim 17 comprising themethod step of administering access approval for viewing, editing, oradministrating said referenced databases.